GB2366948A - Operating protocol for interoperability between wireless LANs - Google Patents

Operating protocol for interoperability between wireless LANs Download PDF

Info

Publication number
GB2366948A
GB2366948A GB0022604A GB0022604A GB2366948A GB 2366948 A GB2366948 A GB 2366948A GB 0022604 A GB0022604 A GB 0022604A GB 0022604 A GB0022604 A GB 0022604A GB 2366948 A GB2366948 A GB 2366948A
Authority
GB
United Kingdom
Prior art keywords
lan
subscriber
aaa
operator
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0022604A
Other versions
GB2366948B (en
GB0022604D0 (en
Inventor
Michael Gallagher
Robert Hancock
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Roke Manor Research Ltd
Original Assignee
Roke Manor Research Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Roke Manor Research Ltd filed Critical Roke Manor Research Ltd
Priority to GB0022604A priority Critical patent/GB2366948B/en
Publication of GB0022604D0 publication Critical patent/GB0022604D0/en
Priority to EP01203097A priority patent/EP1199843B1/en
Priority to DE60130857T priority patent/DE60130857T2/en
Priority to US09/953,369 priority patent/US20020034298A1/en
Publication of GB2366948A publication Critical patent/GB2366948A/en
Application granted granted Critical
Publication of GB2366948B publication Critical patent/GB2366948B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/02Inter-networking arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Abstract

User-mobility between LANs is afforded particularly by wireless LAN (W-LAN) systems, whereby a user subscribing to a LAN operated by a so-called Home Operator connects, as a "visitor", to one or more other LAN sites, basing such connection, for charging and other operational purposes, on that user's subscription with its Home Operator. The protocol of the present application links a user's identity with the address of the Home Operator, and stores this information at the visited LAN site, thereby permitting a visiting user, once authenticated by user-interaction, as a visitor with regard to a particular LAN, to revisit that LAN for as long as its authentication with the Home Operator remains sound, without the need for further user intervention.

Description

<Desc/Clms Page number 1> LAN USER PROTOCOL This invention relates to operating protocols for Local Area Network (LAN) systems, and it relates especially to such protocols as can cope with the problems of user-mobility between LANs, as afforded particularly by wireless LAN (W-LAN) systems.
In W-LAN systems, it is often the case that a user, subscribing with one network operator (hereinafter called "the Home Operator" for that user), wishes to connect, as a " visitor", to one or more other LAN sites; basing such connection, for charging and other operational purposes, on that user's subscription with its Home Operator. This activity is commonly referred to as Wireless-LAN roaming, and existing protocols permitting the activity are cumbersome, as the necessary authentication procedure requires user intervention at each visit.
This invention provides a protocol that pen-nits a visiting user, once authenticated as a visitor with regard to a particular LAN, to revisit that LAN for as long as the user's authentication with the Home Operator remains sound, without further user intervention.
According to the invention there is provided a user protocol for W- LAN systems whereby the operator of each LAN administers home (H) network and Visitor (V) network authentication, authorisation and accounting (AAA) servers and wherein a subscriber to a first LAN wishing to connect for the first time to a second LAN conveys to the operator of the second LAN, by user intervention, information, identifying both the subscriber and the operator of the first LAN, sufficient to enable the V-AAA server of the second LAN to communicate with the H-AAA server of the first LAN so as to authenticate the proposed connection; the V-AAA storing information linking the subscriber to the operator of the first LAN for so long as the
<Desc/Clms Page number 2>
subscriber remains authorised by the operator of the first LAN, whereby subsequent connections by the subscriber to the second LAN may be made without user intervention.
This is achieved because the subscriber's identity, when announced to the second LAN as part of the routine connect procedure, is correlated by the V-AAA server with the previously -given identity of the H-AAA server for that subscriber, and the V-AAA automatically communicates with the H-AAA to derive the necessary authorisation and to organise the necessary charging, etc.
The V-AAA thus stores the subscriber/H-AAA linking data until such time as the H-AAA supplies it with information to the effect that the subscriber's authorisation is no longer valid or until an authentication transaction with the H-AAA fails. At this point the link is broken, and subsequent attempts by the subscriber to connect with the second LAN will fall, unless they are, as a result of further user-intervention, shown to be authorised by the H-AAA server of another LAN system.
Preferably, the information supplied by the subscriber, by way of user intervention, includes the subscriber's MAC address and an identifier, such as a user name or MSISDN number, that allows the operator of the subscriber's Home Network to be identified.
This permits the V-AAA server of the second LAN operator to utilise the identifier to locate the H-AAA server of the Home Operator for that subscriber, and to request the H-AAA server to authenticate the desired connection. Once this has been performed, charging information for the session can be forwarded to the H-AAA enabling the H-AAA operator to bill the user and make payment to the visited LAN reporter.
Further, when that subscriber connects to the second LAN on a subsequent occasion, the inforination held at the V-AAA server of the second LAN and linking the subscriber's address to the Home Network
<Desc/Clms Page number 3>
identifier, allows authentication of the requested connection to be effected automatically and without user intervention on the part of the subscriber.
In order that the invention may be fully understood and readily carried into effect, one embodiment thereof will now be described, by way of example only, with reference to the accompanying drawing, the single figure of which shows, in schematic form, the operation of a protocol in accordance with one embodiment of the invention.
Referring now to the drawing, there is shown schematically within the outline I a LAN operated by a first network operator A. Operator A operates H-AAA and V-AAA servers, 2 and 3 respectively, in respect of the LAN 1. Subscribers to the network I are operating on their Home Network, and thus communicate with the H-AAA server 2 for all operational and charging purposes related to connections to that LAN.
Similarly, there is shown schematically within the outline 4 a LAN operated by a second network operator B. Operator B operates H-AAA and V-AAA servers, 5 and 6 respectively, in respect of the LAN 4. Subscribers to the network 4 are operating on their Home Network, and thus communicate with the H-AAA server 5 for all operational and charging purposes related to connections to that LAN.
As indicated by the dashed line connections 7 and 8, the H-AAA server 2 is in communication with the V-AAA server 6 and, indeed with the V-AAA servers of further LAN systems (not shown) to which subscribers to the LAN I may make connection as visitors. Likewise, the H-AAA server 5 is in conununication with the V-AAA server 3 and, indeed with the V-AAA servers of further LAN systems (not shown) to which subscribers to the LAN 4 may make connection as visitors.
Within the outline I there are shown schematically first and second subscribers 9 and 10, these being subscribers of the network 4 but
<Desc/Clms Page number 4>
wishing to connect to the network 1. Likewise, within the outline 4 there are shown schematically first and second subscribers I I and 12, these being subscribers of the network I but wishing to connect to the network 4. These are visiting subscribers and, in each case and on the first occasion of such connection, there will have to be user intervention to establish the flow of sufficient information, between such subscribers and the V-AAA server of the network to which they wish to connect, to permit the necessary authorisations and charging procedures to be out in place. This user intervention and the associated information flow is indicated schematically by the dashed lines 13 - 16.
As part of the initial process setting up the relationship between each subscriber and its Home Network Operator, the subscriber is given an identifier which also identifies its Home Network in some convenient standardised way, such as NAI or MSISDN for example.
When that subscriber first seeks to connect, as a visitor, to another network, the subscriber is, as part of a setting-up procedure requiring user intervention, called upon to identify itself, for example by its MAC address or any other id that is automatically provided during normal WLAN authentication procedures, and also to enter an identifier, such as a user name or MSISDN, that allows the subscriber's Home Network to be determined. Utilising that identifier, the V-AAA server locates the H- AAA server at the subscriber's Home Network and seeks authentication of the subscriber.
Assuming that such authentication is forthcoming, the V-AAA server keeps a copy of the MAC address of the subscriber's WLAN device, along with the H-AAA identifier. This information, which links the identity of subscriber's WLAN device to that of its home network, is stored by the V-AAA for future use. Hence, when the subscriber seeks connection to that LAN on subsequent occasions, the linked
<Desc/Clms Page number 5>
identification data permits the necessary authentication to proceed without user intervention. This state of affairs persists for as long as the subscriber remains authenticated by the same Home Network, and is true for all public LANs within the administrative control of the same visitor network operator. Once authentication fails, the linked identification data are purged, with the consequence that automatic authentication of that subscriber as a visitor to a LAN will cease, unless or until the subscriber establishes, through a repeat of the initial process involving user intervention, accreditation by a new Home Operator.
The invention permits operators to add new LAN sites to their operations without modifying externally established trust relationships, and moreover to add new partner operators without modifying internal trust relationships.
It may be appropriate, depending upon the nature of any rules controlling the extent to which W-LAN subscribers can roam, to associate each MAC address (or other device identifier) with a W-LAN network type, so that MAC addresses or other identifiers that are shared by different W-LAN technologies, such as IEEE 802.11 and Bluetooth, are not ambiguous.
Although the invention has been described with regard to one particular embodiment thereof, it is not intended that the scope of the claims of this application be limited to that embodiment, and alternative arrangements will be evident in many respects to those skilled in the art. For example, the H-AAA and V-AAA servers (such as 2 and 3) associated with any given LAN need not consist of respective, stand- alone units, as shown in the drawing, but may instead be combined into a common unit.
<Desc/Clms Page number 6>

Claims (8)

  1. CLAIMS: 1. A user protocol for W-LAN systems whereby the operator of each LAN administers home (H) network and Visitor (V) network authentication, authorisation and accounting (AAA) servers and wherein a subscriber to a first LAN wishing to connect for the first time to a second LAN conveys to the operator of the second LAN, by user intervention, information, identifying both the subscriber and the operator of the first LAN, sufficient to enable the V-AAA server of the second LAN to communicate with the H-AAA server of the first LAN so as to authenticate the proposed connection; the V-AAA storing information linking the subscriber to the operator of the first LAN for so long as the subscriber remains authorised by the operator of the first LAN, whereby subsequent connections by the subscriber to the second LAN may be made without user intervention.
  2. 2. A protocol according to Claim I wherein the subscriber's identity, when announced to the second LAN as part of the routine connect procedure, is correlated by the V-AAA server with the previously-given identity of the H-AAA server for that subscriber, and the V-AAA automatically communicates with the H-AAA to derive the necessary authentication and authorisation and subsequently delivers accounting information.
  3. 3. A protocol according to Claim 2 wherein the V-AAA stores the subscriber/H-AAA linking data until such time as the H-AAA supplies it with information to the effect that the subscriber's authorisation is no longer valid or until an authentication transaction fails.
    <Desc/Clms Page number 7>
  4. 4. A protocol according to Claim 3 wherein, in order to re-establish connection to the second LAN, the subscriber demonstrates, as a result of further user-intervention, authorisation deriving from an H-AAA server of another LAN system.
  5. 5. A protocol according to any preceding claim wherein the information supplied by the subscriber, by way of user intervention, includes the subscriber's MAC address or any other automatically presented identifier and an identifier that allows the operator of the subscriber's Home Network to be identified.
  6. 6. A protocol according to Claim 5 wherein said identifier comprises a user name or MSISDN number.
  7. 7. A protocol according to Claim 5 or Claim 6 wherein the V-AAA server of the second LAN operator utillses the identifier to locate the H- AAA server of the Home Operator for that subscriber, and to request the H-AAA server to authenticate the desired connection.
  8. 8. A W-LAN protocol substantially as herein described with reference to the accompanying drawing.
GB0022604A 2000-09-15 2000-09-15 LAN user protocol Expired - Fee Related GB2366948B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
GB0022604A GB2366948B (en) 2000-09-15 2000-09-15 LAN user protocol
EP01203097A EP1199843B1 (en) 2000-09-15 2001-08-03 Lan user protocol
DE60130857T DE60130857T2 (en) 2000-09-15 2001-08-03 User protocol for local area network
US09/953,369 US20020034298A1 (en) 2000-09-15 2001-09-17 LAN user protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0022604A GB2366948B (en) 2000-09-15 2000-09-15 LAN user protocol

Publications (3)

Publication Number Publication Date
GB0022604D0 GB0022604D0 (en) 2000-11-01
GB2366948A true GB2366948A (en) 2002-03-20
GB2366948B GB2366948B (en) 2004-01-21

Family

ID=9899481

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0022604A Expired - Fee Related GB2366948B (en) 2000-09-15 2000-09-15 LAN user protocol

Country Status (4)

Country Link
US (1) US20020034298A1 (en)
EP (1) EP1199843B1 (en)
DE (1) DE60130857T2 (en)
GB (1) GB2366948B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008048756A2 (en) * 2006-10-16 2008-04-24 Motorola Inc. Method and apparatus for re-registration of connections for service continuity
EP2337388A3 (en) * 2009-12-21 2011-08-31 France Telecom Method for secure access by at least one visitor terminal to a host network
US8213394B2 (en) 2006-10-16 2012-07-03 Motorola Mobility, Inc. Method and apparatus for management of inactive connections for service continuity in an agnostic access internet protocol multimedia communication

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002009458A2 (en) * 2000-07-24 2002-01-31 Bluesocket, Inc. Method and system for enabling seamless roaming in a wireless network
US7146636B2 (en) * 2000-07-24 2006-12-05 Bluesocket, Inc. Method and system for enabling centralized control of wireless local area networks
DE10043203A1 (en) * 2000-09-01 2002-03-21 Siemens Ag Generic WLAN architecture
US7126937B2 (en) * 2000-12-26 2006-10-24 Bluesocket, Inc. Methods and systems for clock synchronization across wireless networks
US20020136226A1 (en) * 2001-03-26 2002-09-26 Bluesocket, Inc. Methods and systems for enabling seamless roaming of mobile devices among wireless networks
AU2002343424A1 (en) * 2001-09-28 2003-04-14 Bluesocket, Inc. Method and system for managing data traffic in wireless networks
US7394795B2 (en) 2002-03-26 2008-07-01 Interdigital Technology Corporation RLAN wireless telecommunication system with RAN IP gateway and methods
US7489672B2 (en) 2002-03-26 2009-02-10 Interdigital Technology Corp. RLAN wireless telecommunication system with RAN IP gateway and methods
US7406068B2 (en) 2002-03-26 2008-07-29 Interdigital Technology Corporation TDD-RLAN wireless telecommunication system with RAN IP gateway and methods
US8432893B2 (en) 2002-03-26 2013-04-30 Interdigital Technology Corporation RLAN wireless telecommunication system with RAN IP gateway and methods
US7505431B2 (en) 2002-03-26 2009-03-17 Interdigital Technology Corporation RLAN wireless telecommunication system with RAN IP gateway and methods
AU2002307899A1 (en) * 2002-04-25 2003-11-10 Nokia Corporation Method and network system for charging a roaming network subscriber
FI20020982A (en) * 2002-05-24 2003-11-25 Sonera Oyj Authentication method and arrangement
CN100409613C (en) * 2002-08-08 2008-08-06 中兴通讯股份有限公司 Authority discrimination charging method based on combined radio local area web and CDMA system
KR100547371B1 (en) * 2002-09-12 2006-01-26 주식회사 케이티 Location-based realtime auto-group service method on the public W-LAN
US20040203751A1 (en) * 2002-10-21 2004-10-14 Excino Technologies Inc. Peer-to-peer (P2P) collaborative system for service aggregation, rapid service provisioning and service roaming
JP2004343448A (en) * 2003-05-15 2004-12-02 Matsushita Electric Ind Co Ltd Authentication system for wireless lan access
KR100539547B1 (en) * 2003-08-20 2005-12-29 엘지전자 주식회사 System and Control Method for Assent Internet Connection
KR101049635B1 (en) 2003-12-30 2011-07-14 주식회사 케이티 Roaming Service between Public WLAN and Enterprise WLAN
TW200614783A (en) * 2004-07-20 2006-05-01 Ibm Communication apparatus, communication system, communication method, communication service method, program, and recording medium
US20060223499A1 (en) * 2005-03-30 2006-10-05 Pecen Mark E Broadcast subscription management method and apparatus
CN100417146C (en) * 2005-04-30 2008-09-03 华为技术有限公司 Method for power discrimination and charging and external user interface gateway
US7649888B2 (en) * 2006-07-14 2010-01-19 Futurewei Technologies, Inc. System for link independent multi-homing in heterogeneous access networks
US8509815B1 (en) * 2009-05-21 2013-08-13 Sprint Communications Company L.P. Dynamically updating a home agent with location-based information
CN106257862B (en) * 2015-06-19 2019-09-17 中兴新能源汽车有限责任公司 The method and device of wireless charging device certification and charging server certification
US10637655B1 (en) * 2018-01-09 2020-04-28 Amdocs Development Limited System, method, and computer program for providing seamless data access from different internet service providers

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6256620B1 (en) * 1998-01-16 2001-07-03 Aspect Communications Method and apparatus for monitoring information access
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008048756A2 (en) * 2006-10-16 2008-04-24 Motorola Inc. Method and apparatus for re-registration of connections for service continuity
WO2008048756A3 (en) * 2006-10-16 2008-08-21 Motorola Inc Method and apparatus for re-registration of connections for service continuity
US7746836B2 (en) 2006-10-16 2010-06-29 Motorola, Inc. Method and apparatus for re-registration of connections for service continuity in an agnostic access internet protocol multimedia communication system
US8213394B2 (en) 2006-10-16 2012-07-03 Motorola Mobility, Inc. Method and apparatus for management of inactive connections for service continuity in an agnostic access internet protocol multimedia communication
US9148903B2 (en) 2006-10-16 2015-09-29 Google Technology Holdings LLC Method and apparatus for management of inactive connections for service continuity in an agnostic internet protocol multimedia communication system
EP2337388A3 (en) * 2009-12-21 2011-08-31 France Telecom Method for secure access by at least one visitor terminal to a host network

Also Published As

Publication number Publication date
DE60130857T2 (en) 2008-07-24
EP1199843A3 (en) 2003-08-27
US20020034298A1 (en) 2002-03-21
EP1199843B1 (en) 2007-10-10
GB2366948B (en) 2004-01-21
EP1199843A2 (en) 2002-04-24
DE60130857D1 (en) 2007-11-22
GB0022604D0 (en) 2000-11-01

Similar Documents

Publication Publication Date Title
EP1199843B1 (en) Lan user protocol
CN1330214C (en) Interactive method for re-selecting operating network to wireless local network
US6950628B1 (en) Method for grouping 802.11 stations into authorized service sets to differentiate network access and services
CN101150594B (en) Integrated access method and system for mobile cellular network and WLAN
US7193985B1 (en) System and method for managing foreign agent selections in a mobile internet protocol network
US7590732B2 (en) Enhancement of AAA routing originated from a local access network involving intermediary network preferences
JP3984993B2 (en) Method and system for establishing a connection through an access network
US7298725B2 (en) Enhancement of AAA routing initiated from a home service network involving intermediary network preferences
CN1319337C (en) Authentication method based on Ethernet authentication system
JP2020506588A (en) Interworking function using unreliable network
US20050059398A1 (en) Telecommunication method and system
EP1712058A1 (en) Method and system for the secure and transparent provision of mobile ip services in an aaa environment
JP2005503087A (en) Mobile internet communication apparatus and method
WO2006024969A1 (en) Wireless local area network authentication method
US20040010713A1 (en) EAP telecommunication protocol extension
NO342167B1 (en) Authentication in mobile collaboration systems
CN103052064A (en) Method, equipment and system for accessing private services of operator
CN100355251C (en) Method for sending a ata of user mark after renewing
CN101330528B (en) Mobile IP network optimization system and implementing method thereof
EP1448000B1 (en) Method and system for authenticating a subscriber
EP1521429B1 (en) Delivering additional information needed in connection setup

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20100826 AND 20100901

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20190915